github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/lb_ssl_negotiation_policy.html.markdown

---
layout: "aws"
page_title: "AWS: aws_lb_ssl_negotiation_policy"
sidebar_current: "docs-aws-resource-lb-ssl-negotiation-policy"
description: |-
  Provides a load balancer SSL negotiation policy, which allows an ELB to control which ciphers and protocols are supported during SSL negotiations between a client and a load balancer.
---

# aws\_lb\_ssl\_negotiation\_policy

Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.

## Example Usage

```hcl
resource "aws_elb" "lb" {
  name               = "test-lb"
  availability_zones = ["us-east-1a"]

  listener {
    instance_port      = 8000
    instance_protocol  = "https"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }
}

resource "aws_lb_ssl_negotiation_policy" "foo" {
  name          = "foo-policy"
  load_balancer = "${aws_elb.lb.id}"
  lb_port       = 443

  attribute {
    name  = "Protocol-TLSv1"
    value = "false"
  }

  attribute {
    name  = "Protocol-TLSv1.1"
    value = "false"
  }

  attribute {
    name  = "Protocol-TLSv1.2"
    value = "true"
  }

  attribute {
    name  = "Server-Defined-Cipher-Order"
    value = "true"
  }

  attribute {
    name  = "ECDHE-RSA-AES128-GCM-SHA256"
    value = "true"
  }

  attribute {
    name  = "AES128-GCM-SHA256"
    value = "true"
  }

  attribute {
    name  = "EDH-RSA-DES-CBC3-SHA"
    value = "false"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The name of the SSL negotiation policy.
* `load_balancer` - (Required) The load balancer to which the policy
  should be attached.
* `lb_port` - (Required) The load balancer port to which the policy
  should be applied. This must be an active listener on the load
  balancer.
* `attribute` - (Optional) An SSL Negotiation policy attribute. Each has two properties:
    * `name` - The name of the attribute
    * `value` - The value of the attribute

To set your attributes, please see the [AWS Elastic Load Balancing Developer Guide](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html) for a listing of the supported SSL protocols, SSL options, and SSL ciphers.

~> **NOTE:** The AWS documentation references Server Order Preference, which the AWS Elastic Load Balancing API refers to as `Server-Defined-Cipher-Order`. If you wish to set Server Order Preference, use this value instead.

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the policy.
* `name` - The name of the SSL negotiation policy.
* `load_balancer` - The load balancer to which the policy is attached.
* `lb_port` - The load balancer port to which the policy is applied.
* `attribute` - The SSL Negotiation policy attributes.
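
Because each `attribute` block is a free-form name/value pair, a policy can enable a legacy protocol or weak cipher without Terraform objecting. The following check is an added example, not part of the Terraform documentation or code base: it reads the `attribute` blocks from configuration text and reports risky settings. The function names, the legacy-protocol set, the weak-cipher tokens and the two "required" attributes are assumptions of this example, and `WEAK_POLICY` is a constructed sample.

```python
import re

BLOCK_RE = re.compile(r'attribute\s*\{([^}]*)\}')
FIELD_RE = re.compile(r'\b(name|value)\s*=\s*"([^"]*)"')

# Assumptions of this example, not AWS or Terraform guidance.
LEGACY_PROTOCOLS = {"Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"}
WEAK_CIPHER_TOKENS = {"DES", "RC4", "MD5", "EXP", "NULL"}

def parse_attributes(hcl):
    """Return {attribute name: enabled?} for every attribute block in the text."""
    attrs = {}
    for body in BLOCK_RE.findall(hcl):
        fields = dict(FIELD_RE.findall(body))
        if "name" in fields and "value" in fields:
            attrs[fields["name"]] = fields["value"].strip().lower() == "true"
    return attrs

def audit(hcl):
    """List findings for enabled legacy protocols, weak ciphers, missing options."""
    attrs = parse_attributes(hcl)
    findings = []
    for name in sorted(n for n, enabled in attrs.items() if enabled):
        if name in LEGACY_PROTOCOLS:
            findings.append("legacy protocol enabled: " + name)
        elif WEAK_CIPHER_TOKENS & set(name.split("-")):
            # Match whole dash-separated tokens so AES/SHA names are not flagged.
            findings.append("weak cipher enabled: " + name)
    for required in ("Protocol-TLSv1.2", "Server-Defined-Cipher-Order"):
        if not attrs.get(required, False):
            findings.append("not enabled: " + required)
    return findings

def _attr(name, value):
    """Build one attribute block in the layout used by the page's example."""
    return 'attribute {\n  name = "%s"\n  value = "%s"\n}\n' % (name, value)

# Constructed sample: the page's attribute names with two values flipped
# and Server-Defined-Cipher-Order left out.
WEAK_POLICY = (_attr("Protocol-TLSv1", "true") + _attr("Protocol-TLSv1.2", "true")
               + _attr("EDH-RSA-DES-CBC3-SHA", "true")
               + _attr("ECDHE-RSA-AES128-GCM-SHA256", "true"))

if __name__ == "__main__":
    for finding in audit(WEAK_POLICY):
        print(finding)
```

Run against the policy in Example Usage, `audit` returns no findings; it works on configuration text only and does not query the load balancer's effective policy.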